oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request Qemu: display: virtio-gpu-3d: information leakage in virgl_cmd_get_capset

From: <cve-assign () mitre org>
Date: Thu, 8 Dec 2016 01:34:10 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Quick Emulator built with the Virtio GPU Device emulator support is vulnerable
to an information leakage issue. It could occur while processing
'VIRTIO_GPU_CMD_GET_CAPSET' command.

A guest user/process could use this flaw to leak contents of the host memory
bytes.

http://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00059.html


Use CVE-2016-9908.

This is not yet available at
http://git.qemu.org/?p=qemu.git;a=history;f=hw/display/virtio-gpu-3d.c but
that may be an expected place for a later update.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYSPv1AAoJEHb/MwWLVhi2qoIQAIk8ONXgNCxXa2Ikd9HOn88n
h8NNQszbalHBui/MHF9vQhJGRGJ4iRZdu9mSnLgxJU+6huTkaWFYevul2Vwb7SEb
HgS2SQx5d3hLwObCjSqHt/PfuT6lPDlH6h0Gjt4lViFUPAPPORc/5bI0jRAGWd2N
pC9tsUNsq9dl00pdyox6KpqiklsvVVPKA7spkPMw5uAR2DK/B7HTyJeKuaKJ2XQq
wVkgpCa6im86AW+zV14KRMwftNUO5H0zkXOkib/h/DuVUNzhClY2PStxePLTmqTi
pnaSeZcTr5Ti/FMMhtOtS5LOlV35wkpah/dHzDFNZW5Fk54AAeoxVsPr6tKa3VdH
a5izyLu05pk/B84cvOL2wl93Stt2NnZudI1JqUvPt5nfwDasVL8g/5XbHgmZhqcN
74uZf5Zo9V9ae0dET73laQTcIXUy6vEk7nvV0mmA5uTrLVS4fGMdOJI9gQVAZkqW
+NzWs1FJZpNRo4kQCszAC39agb2FXRseMNO8h2bON5CgyPtpa5pL+mVNJ00iPmri
8X8RDM3h6VupDy1gF6eBFzVRVnhxgvxHf3g8P5qcoxLr0/U75XcPthy9943NDr6C
FU6G897DnS9UkWhc1M+g3sLgj/wO1KrpSzf+ppshD5IOxsraAWg5AXRXvEPs6Du0
vmgrb/UXnHL9UxJjy7Xo
=/c0X
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: